1. Field of the Invention
The present invention relates to an encryption apparatus that performs encryption processing using a so-called “public key cryptosystem”.
2. Description of the Related Art
In recent years, various services using various communication technologies, such as electronic commerce and online shopping using the Internet or the like, have come into widespread use. Also, in recent years, with the progress in communication technologies, a communication technology using terminals and card-type devices, such as noncontact semiconductor memory cards having integrated-circuit communication functions, has been developed for use in collection of fares in public transportation and electronic money.
From the viewpoint of convenience in handling, etc., the card-type devices (hereinafter referred to as the “noncontact integrated circuit (IC) cards”) having communication functions must have small dimensions and must operate by consuming a very small amount of power.
In a service using a noncontact IC card of the above type, mutual authentication processing for authenticating the validity of another communicating party, and encryption processing for ensuring the security of data communication are ordinarily performed. For this purpose, the processing speed of the noncontact IC card must be increased. When the above functions are implemented by software, a high-frequency-clock central processing unit (CPU) is required, which is not practical. Accordingly, it is preferable not to use software, but instead to use hardware to implement the above functions.
Among noncontact IC cards provided with the above functions in hardware, many employ a so-called “common key cryptosystem”, for example, a Data Encryption Standard (DES) cryptosystem that can be implemented by circuits of relatively small dimensions and power consumption in order to suppress power consumption as much as possible.
The common key cryptosystem, which uses a common key for encryption and decryption, is vulnerable to an unauthorized third party since key data must be sent and received. Therefore, there is concern about this problem in cases such as the application of noncontact IC cards to financial services in the future.
Accordingly, in services using noncontact IC cards, a high security system employing a so-called “public key cryptosystem” has become required noncontact IC cards. In the public key cryptosystem, different keys are used for encryption and decryption, and one particular person only needs to retain a common key that must be kept secret, as in a Rivest-Shamir-Adleman (RSA) cryptosystem and the elliptic curve cryptosystem (ECC). Also, many attempts have been made to develop noncontact IC cards using a public key to perform signature creation and signature verification.
Although the public key cryptosystem has much higher security than that of the common key cryptosystem, the required number of operations is huge. The use of hardware to implement the public key cryptosystem multiplies the required circuit size by an order of magnitude, and power supplied to the enlarged circuit inevitably increases.
Therefore, noncontact IC cards employing the public key cryptosystem cannot exhibit sufficient characteristics in terms of circuit size, power consumption, and cost. In particular, since each noncontact IC card must supply most of the limited power to the circuit for encryption processing, only a type of noncontact IC card having a short communication distance (several millimeters) has actually been put to practical use.
As described above, noncontact IC cards should employ the public key cryptosystem, which provides strong security. However, it is very difficult to implement the public key cryptosystem due to restrictions concerning power to be supplied, chip size, etc.